Announcing the new and improved Azure Log Analytics

Published on 9 August, 2017

Group Program Manager, Azure Log Analytics

The Azure Log Analytics service is rolling out an upgrade to existing customers today – offering powerful search, smart analytics, and even deeper insights. This upgrade provides an interactive query language and an advanced analytics portal, powered by a highly scalable data store resembling Azure Application Insights. This creates a consistent monitoring experience for IT operations and developers.

In the biggest upgrade since its launch, the new and improved Azure Log Analytics brings you a simple yet very powerful query language with all the capabilities requested in the language feedback. Over the last couple of months, we have been working closely with 60+ customers who had early access to the upgrade, and their feedback has been very positive regarding the enhanced experience and capabilities of the new language. Here are some of their quotes that I would like to share with you:

“Wizards of the Coast was fortunate enough to gain early access to Azure Log Analytics upgrade and it has been instrumental in our ability to diagnose issues within our code base and environments, and to view on a large scale the overall performance. The portal implementation is intuitive, and the query language is extremely easy to understand, and the IntelliSense implementation is refined and extremely helpful in its implementation.”

–Scott Thomas, Infrastructure & Platform Architect, Wizards of the Coast

“I just got our workspace upgraded and the new query language is awesome (so far)! The queries are lightning fast, IntelliSense works great, and I can now do the aggregations I couldn't do before. This is light-years ahead of the old query engine. Bravo!”

–Microsoft IT

“With the new query language, we can carve up Log Analytics data in any way we need to visualize it. Key benefits include the ability to use unions, joins, functions and variables. We have been able to create queries which would not have been possible with the original query language. The upgrade experience was seamless and existing queries were converted automatically. Even with custom solutions which we had developed for Log Analytics the conversion was very straightforward.”

–Cameron Fuller, Solution Director – Launch, Catapult Systems

Why should I upgrade?

This upgrade opens endless possibilities, but here are some of the brand new key capabilities available immediately after the upgrade, which takes only a few seconds, in most cases.

Powerful query language with built-in Smart Analytics

The query language provides powerful search, query time field extractions, calculated fields, joins and unions, as well as rich date time operators, string operators and native JSON support. The query language also supports let statements, lambda expressions and comments in queries, an extremely important feature to modularize the queries, especially when sharing queries with colleagues or using them for live site support and troubleshooting. The query language offers flexible machine learning constructs and time series functions to help customers get deeper insights into their data. For instance, the time series functions help analyze CPU performance from hundreds of computers and select the top N based on usage spikes. There are numerous other capabilities included in the language, which can be further explored in the Azure Log Analytics resource.

Now let’s look at some examples of these in the context of scenarios. None of the queries shown in the examples below were feasible in the previous query language.

This query calculates whether a service-level agreement (SLA) was met based on IIS call duration. To try it for yourself, click to run the query.

This example, using joins, shows a list of missing security updates for computers with a high-severity security alert detection in the last day. To try it for yourself, click to run the query.
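A query of this shape, as an added example that is not the query from the original post: it joins high-severity detections from the last day to the security updates those computers still need. The table and column names (`SecurityDetection`, `Update`, `AlertSeverity`, `UpdateState`, `Classification`, `Optional`, `KBID`, `MSRCSeverity`) are assumptions about a workspace where the security and update assessment solutions are enabled.

```kusto
// Added example; table and column names are assumed to exist in the workspace
// (populated by the security and update assessment solutions).
let lookback = 1d;
// Computers with at least one high-severity detection in the window.
let alertedComputers =
    SecurityDetection
    | where TimeGenerated > ago(lookback)
    | where AlertSeverity == "High"
    | summarize Detections = count(), LastDetection = max(TimeGenerated) by Computer;
// Keep only the latest assessment record per computer and update,
// so an update installed earlier in the window is not reported as missing.
Update
| where TimeGenerated > ago(lookback)
| where Classification == "Security Updates" and Optional == false
| summarize arg_max(TimeGenerated, UpdateState, KBID, MSRCSeverity) by Computer, Title
| where UpdateState == "Needed"
// Inner join: only computers that appear in both result sets are returned.
| join kind=inner (alertedComputers) on Computer
| project Computer, Title, KBID, MSRCSeverity, Detections, LastDetection
| sort by Computer asc, Title asc
```

The join matches on the exact `Computer` string, so a host reported by short name in one table and by FQDN in the other will drop out of the result; check a few known hosts in both tables before relying on the output.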

Here is another example using time series analysis for analyzing the CPU performance of several computers and narrowing it down to the two most relevant. To try it for yourself, click to run the query.

Advanced Analytics Portal

The Advanced Analytics portal gives you the best experience for writing interactive ad hoc queries, whether it is for troubleshooting, diagnostics, analyzing trends or creating quick visualizations. This game-changing experience provides multi-line editing features with context-aware syntax highlighting and powerful built-in visualizations. You can save and share queries and export data to Excel.

Azure Portal, Power BI Desktop and Microsoft Flow Connector Integration

Now, with one click, you can create a quick visualization in the Analytics portal and pin it to a shared Azure Dashboard. This enables you to create a single pane of glass across different workspaces, Azure resources and applications.

With this upgrade, you have a much more powerful integration with Power BI Desktop, the same type of integration as in Application Insights. You can take advantage of additional Power BI visualizations, publish and share them with your colleagues on PowerBI.com and enable automatic daily reports. Finally, you can now integrate with Microsoft Flow and Azure Logic Apps, enabling you to create business flows, notifications, and much more.

How to upgrade

This is probably the simplest upgrade process you’ll experience. Within the application you’ll see a banner prompting you to upgrade, and with just one click, it will enhance your workspace, automatically converting all your artifacts, such as saved searches, views, alerts, and computer groups. Later, all non-upgraded workspaces will automatically be upgraded to the new query language and the platform. Learn more about the upgrade process and FAQs in the Azure documentation.

Language documentation, learning tools and community

The Log Search page also provides a side-by-side experience with the old query language, enabling you to learn and ramp up on the new query language. The main reason for a rollout upgrade rather than an automatic upgrade is to give you time to learn and ramp up at your own pace.

The language documentation site includes an extensive language reference, tutorials, examples and cheat sheets. A full-featured demo environment enables you to try out any queries. We are also launching a community site enabling you to interact with other product users, as well as the product team, with questions regarding the query language.

Summary

The upgrade enables an assortment of new capabilities and customers are already taking advantage of them. Over the last week and a half, during the soft launch period, hundreds of customers elected to upgrade their workspace, totaling more than 1,000 enhanced workspaces. Upgrade your workspace today and start using the new powerful search and query language to gain deep insights into your data! Register now to join us for a webinar on August 17, 2017, where we will share more details and demos of this improved experience.